A design flaw, more accurately described as an exploit, affecting owners of Windows PCs with Intel processors has been discovered.
A software update has been released by Microsoft that fixes the security flaw but could cause the performance of the Intel chips to slow down by as much as 30%.
The Intel processor flaw is related to software "kernels" - the core of an operating system. At the most basic level, the kernel handles the interactions between the operating system and the processor.
In this case, the issue apparently is linked to an exploitable security flaw in the way that the kernel of the Microsoft Windows operating system interacts with Intel processors. In theory, a hacker could exploit this undesirable interaction, using malware, and bypass normal security measures, enabling hackers to "observe" passwords, encryption keys, and other sensitive personal data on computers. The underlying root of the issue has to do with Intel's own processors.
Intel-based PCs running the Linux operating system suffer from the same problem. This could have big implications for cloud computing, given that Linux is popular in datacenters.
Additionally, Apple Mac computers are also reportedly affected and will require an update to fix, as the flaw is primarily based in the physical Intel chip design. It is currently unclear how the flaw and any update fixes will affect Apple computers.
Initial reports indicated that the security flaw was limited to Intel processors, but chipmaker ARM has since said that chips based on its technology are also affected.
Intel, AMD, ARM, original equipment manufacturers, and operating system vendors, have been collaborating to come up with fixes and mitigations for the issue since the discovery of the exploit. Repairs will involve software and firmware updates on both the hardware and the software sides.
Intel CEO States Flaw Discovered Months Ago
According to Intel CEO Brian Krzanich, the widespread microprocessor flaw was discovered by Google months ago, in June of 2017.
Even more alarming is the discovery of $24 million worth shares sold by Mr. Krzanich, months after he had been informed of the security vulnerability — but before the problem was publicly known.
The stock sale left Krzanich with just 250,000 shares of Intel stock — the minimum the company requires him to hold under his employment agreement.
The sell-off could draw even more scrutiny now, given the news about the security vulnerability and the timing of when Intel knew about it.
Intel claims Krzanich's sale was preplanned and had nothing to do with the newly disclosed chip vulnerability— but that plan was put in place months after it learned of the chip vulnerability.
Villas-Boas, A. (2018). Intel CEO: Google discovered the chip problem 'months ago'. [online] Business Insider. Available at: http://www.businessinsider.com/intel-ceo-google-discovered-the-chip-flaw-months-ago-2018-1 [Accessed 9 Jan. 2018].
Villas-Boas, A. (2018). Windows PCs could get a big performance slowdown because of a flaw in Intel chips. [online] Business Insider. Available at: http://www.businessinsider.com/intel-cpu-flaw-big-performance-slowdow-windows-pc-2018-1 [Accessed 9 Jan. 2018].
Wolverton, T. (2018). Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock. [online] Business Insider. Available at: http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1 [Accessed 9 Jan. 2018].
Bracing For a "Cyber 9/11"
The global war on terror has entered the digital age and it’s no longer a question of if there will be an attack on the world wide web but when! In this video Dan Dicks of Press For Truth speaks with James Corbett of The Corbett Report about what a possible cyber attack scenario might look like, who the perpetrators are likely to be, who the scapegoat will be to take the fall and most importantly what we all can do about it BEFORE it happens.
WannaCry is a software that has infected and taken control of Microsoft-operating software computers in at least 150 countries, requiring the owners to hundreds of dollars to obtain their files beginning Friday, May 12, 2017. The hacking tool was made possible by a backdoor in Microsoft's Windows software which was used by the U.S. National Security Agency (NSA) for its own use. The tool ended up in the hands of a mysterious hacking group known as the Shadow Brokers, which also published the exploits online. There has been a recurrent theme of the creation of backdoor exploits that leak into the the public domain and cause widespread damage (Volz, 2017).
Fortunately, a 22-year-old malware researcher by the name of MalwareTech, has inadvertently halted the spread of (one version of) WannaCry by purchasing a unregistered domain name in the randsomware for $10.69. While MalwareTech significantly prevented the spread of WannaCry, it is still possible for out-of-date Windows computers to become infected through other domain names (Larson, 2017).
MalwareTech stated, "...my registartion of [the domain] caused all infections globally to believe they were inside a sandbox and exit…thus we initially unintentionally prevented the spread and and further ransoming of computers infected with this malware. Of course now that we are aware of this, we will continue to host the domain to prevent any further infections from this sample" ("How to Accidentally Stop a Global Cyber Attacks | MalwareTech", 2017).
How to Accidentally Stop a Global Cyber Attacks | MalwareTech. (2017). Malwaretech.com. Retrieved 20 May 2017, from https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
Larson, S. (2017). Researcher accidentally stops massive cyberattack from spreading. KHON2. Retrieved 20 May 2017, from http://khon2.com/2017/05/13/researcher-accidentally-stops-massive-cyberattack-from-spreading/
Volz, D. (2017). Ransomware attack again thrusts U.S. spy agency into unwanted spotlight. Reuters. Retrieved 20 May 2017, from http://www.reuters.com/article/us-cyber-attack-blame-idUSKCN18C02D?il=0
This feed contains research, news, information, observations, and ideas at the level of the world.